Hearing device system, devices and method of creating a trusted bond between a hearing device and a user application

ABSTRACT

A method, performed by a user application, of creating a trusted bond between a hearing device and the user application is disclosed, wherein the method comprises obtaining first authentication material; transmitting a first authentication request comprising first authentication data to the hearing device; receiving a first authentication response comprising a sound signal from the hearing device; deriving second authentication material based on the sound signal; determining second authentication data based on the second authentication material; transmitting a second authentication request comprising the second authentication data to the hearing device; receiving a second authentication response comprising an authentication key identifier from the hearing device; storing an authentication key and the authentication key identifier, wherein the authentication key is based on the first authentication material; and connecting the user application to the hearing device using the authentication key and the authentication key identifier.

RELATED APPLICATION DATA

This application is a continuation of U.S. patent application Ser. No.15/939,847 filed on Mar. 29, 2018, pending, which claims priority to,and the benefit of, European Patent Application No. EP 17173675.4 filedon May 31, 2017. The entire disclosures of the above applications areexpressly incorporated by reference herein.

FIELD

The present disclosure relates to a hearing device system comprising ahearing device and a user accessory device. In particular, the presentdisclosure relates to methods and devices for creating a trusted bondbetween entities of a hearing device system.

BACKGROUND

Wireless communication to and from different entities of a hearingdevice system has been increasing in continuation of the developments ofintegrating wireless communication technology in hearing device systems.However, the new technologies entail new challenges for the hearing aidmanufacturers in order to secure communication in a hearing devicesystem. Wireless communication interfaces of a hearing device systemdesirably use an open standard-based interface. However, this poses manychallenges in terms of security.

SUMMARY

There is a need for apparatus, devices and methods for providing easy,efficient, and secure pairing of a user application and a hearingdevice.

Accordingly, a method, performed by a user application, of creating atrusted bond between a hearing device and the user application isdisclosed. The method comprises: obtaining first authenticationmaterial; transmitting a first authentication request comprising a firstauthentication type identifier and first authentication data to thehearing device; receiving a first authentication response comprising asound signal from the hearing device; deriving second authenticationmaterial based on the sound signal; determining second authenticationdata based on the second authentication material; transmitting a secondauthentication request comprising the second authentication data to thehearing device; receiving a second authentication response comprising anauthentication key identifier from the hearing device; storing anauthentication key and the authentication key identifier, wherein theauthentication key is based on the first authentication material; andconnecting the user application to the hearing device using theauthentication key and the authentication key identifier.

Further, a method, performed at a hearing device, of creating a trustedbond between the hearing device and a user application is disclosed. Themethod comprises: optionally transmitting security data of the hearingdevice, wherein the security data are indicative of an authenticationtype applied in the hearing device; transmitting first authenticationmaterial to the user application; receiving a first authenticationrequest comprising a first authentication type identifier and/or firstauthentication data; verifying the first authentication data;transmitting to the user application a first authentication responsecomprising a sound signal; receiving from the user application a secondauthentication request comprising second authentication data; verifyingthe second authentication data; and if verifying the secondauthentication data is successful: determining and storing anauthentication key and transmitting to the user application a secondauthentication response comprising an authentication key identifierindicative of the authentication key in the hearing device.

Also, a user application configured to perform methods performed by auser application described herein is provided. A hearing deviceconfigured to perform methods performed at a hearing device describedherein is provided.

A user application for a user accessory device of a hearing devicesystem comprising a hearing device is provided, the user accessorydevice comprising a processing unit; a memory unit; and an interface,wherein the user application when running on the user accessory deviceis configured to: obtain first authentication material; transmit a firstauthentication request comprising a first authentication type identifierand/or first authentication data to the hearing device; receive a firstauthentication response comprising a sound signal from the hearingdevice; derive second authentication material based on the sound signal;determine second authentication data based on the second authenticationmaterial; transmit a second authentication request comprising the secondauthentication data to the hearing device; receive from the hearingdevice a second authentication response comprising an authentication keyidentifier; store an authentication key and the authentication keyidentifier, wherein the authentication key is based on the firstauthentication material; and connect the user application to the hearingdevice using the authentication key and the authentication keyidentifier.

Even further, a hearing device is provided, the hearing devicecomprising: a processing unit; a memory unit; and an interface, whereinthe hearing device is configured to: transmit security data of thehearing device to the user application, wherein the security data areindicative of an authentication type applied in the hearing device;transmit first authentication material to the user application; receivefrom the user application a first authentication request comprising afirst authentication type identifier and first authentication data;verify the first authentication data; transmit to the user application afirst authentication response comprising a sound signal; receive fromthe user application a second authentication request comprising secondauthentication data; verify the second authentication data; determineand storing an authentication key if verifying the second authenticationdata is successful; and transmit to the user application a secondauthentication response comprising an authentication key identifierindicative of the authentication key in the hearing device if verifyingthe second authentication data is successful.

It is an advantage of the present disclosure that a secure and easypairing between a user application and a hearing device is provided, atleast after an initial pairing. Further, the present disclosure allowsfor a plurality of ways to authenticate a user application towards ahearing device, in turn providing increased design freedom for adispenser. In other words, the present disclosure provides theadvantages of ease of use, increased level of security and reduced levelof complexity.

The present methods, applications and devices enables a dispenser, thehearing device manufacturer and even the hearing device user to select asuitable initial method of creating a trusted bond (mutuallyauthenticated key exchange-based trusted bond) from a plurality of waysin order to create a trusted bond between a hearing device and a userapplication.

It is an important advantage that the authentication key is nottransmitted between the user application and the hearing device, whichincreases the security level in hearing device system communication.

A hearing device includes: a processing unit; a memory unit coupled tothe processing unit; and an interface coupled to the processing unit;wherein the hearing device is configured to: transmit security data ofthe hearing device to a user device, wherein the security data isindicative of an authentication type; transmit first authenticationmaterial to the user device; receive from the user device a firstauthentication request comprising a first authentication type identifierand first authentication data; verify the first authentication data; andtransmit to the user device a first authentication response, wherein thefirst authentication response comprises a sound signal.

Optionally, the hearing device is further configured to: receive fromthe user device a second authentication request comprising secondauthentication data; and verify the second authentication data.

Optionally, the hearing device is further configured to determine andstoring an authentication key in the hearing device if the secondauthentication data is successfully verified.

Optionally, the hearing device is further configured to transmit to theuser device a second authentication response comprising anauthentication key identifier indicative of the authentication key inthe hearing device if the second authentication data is successfullyverified.

A method performed by a hearing device, includes: transmitting securitydata of the hearing device to a user device, wherein the security datais indicative of an authentication type; transmitting firstauthentication material to the user device; receiving from the userdevice a first authentication request comprising a first authenticationtype identifier and first authentication data; verifying the firstauthentication data; and transmitting to the user device a firstauthentication response; wherein the first authentication responsecomprises a sound signal.

Optionally, the method further includes: receiving from the user devicea second authentication request comprising second authentication data;and verifying the second authentication data.

Optionally, the method further includes: determining and storing anauthentication key in the hearing device if the second authenticationdata is successfully verified.

Optionally, the method further includes: transmitting to the user devicea second authentication response if the second authentication data issuccessfully verified, the second authentication response comprising anauthentication key identifier indicative of the authentication key inthe hearing device.

Optionally, the sound signal comprises a random sound signal.

Optionally, the sound signal comprises one or more tones.

Optionally, the first authentication response is transmitted if thefirst authentication data is successfully verified.

A method of communication with a hearing device includes: obtaining, bya user device, first authentication material transmitted by the hearingdevice; transmitting a first authentication request comprising a firstauthentication type identifier and first authentication data to thehearing device; receiving a first authentication response comprising asound signal from the hearing device; deriving second authenticationmaterial based on the sound signal; determining second authenticationdata based on the second authentication material; and transmitting asecond authentication request comprising the second authentication datato the hearing device.

Optionally, the first authentication material comprises a hearing deviceidentifier and/or a first hearing device challenge value.

Optionally, the method further includes: determining a first commonsecret based on the first authentication material.

Optionally, the method further includes: determining an applicationsession key; and calculating the first authentication data based on theapplication session key.

Optionally, the method further includes: receiving a secondauthentication response comprising an authentication key identifier fromthe hearing device; and storing an authentication key and theauthentication key identifier, wherein the authentication key is basedon the first authentication material.

Optionally, the method further includes: connecting the user device tothe hearing device using the authentication key and the authenticationkey identifier.

Optionally, the method further includes: verifying the secondauthentication response; wherein the act of storing the authenticationkey and the authentication key identifier and/or the act of connectingthe user device to the hearing device using the authentication key andthe authentication key identifier is performed if the secondauthentication response is successfully verified.

Optionally, the method further includes: calculating the authenticationkey based on the first authentication material.

Optionally, the authentication key is based on the second authenticationmaterial.

Optionally, the method further includes: obtaining a public key of thehearing device, wherein the authentication key is based on the publickey of the hearing device.

Optionally, the method further includes: obtaining security data fromthe hearing device, wherein the first authentication type identifier isbased on the security data.

A product includes a set of instructions, an execution of which by aprocessing unit of a user device causes a method to be performed, themethod comprising: obtaining first authentication material transmitted;transmitting a first authentication request comprising a firstauthentication type identifier and first authentication data to ahearing device; receiving a first authentication response comprising asound signal from the hearing device; deriving second authenticationmaterial based on the sound signal; determining second authenticationdata based on the second authentication material; and transmitting asecond authentication request comprising the second authentication datato the hearing device.

Optionally, the method further comprises: receiving a secondauthentication response comprising an authentication key identifier fromthe hearing device; and storing an authentication key and theauthentication key identifier, wherein the authentication key is basedon the first authentication material.

Optionally, the method further comprises connecting the user device tothe hearing device using the authentication key and the authenticationkey identifier.

Optionally, the method further comprises verifying the secondauthentication response; wherein the act of storing the authenticationkey and the authentication key identifier and/or the act of connectingthe user device to the hearing device using the authentication key andthe authentication key identifier is performed if the secondauthentication response is successfully verified.

Optionally, the method further comprises calculating the authenticationkey based on the first authentication material.

Optionally, the authentication key is based on the second authenticationmaterial.

Optionally, the method further comprises obtaining a public key of thehearing device, wherein the authentication key is based on the publickey of the hearing device.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages will become readily apparentto those skilled in the art by the following detailed description ofexemplary embodiments thereof with reference to the attached drawings,in which:

FIG. 1 schematically illustrates a hearing system,

FIG. 2 shows an exemplary signaling diagram of signaling between a userapplication and a hearing device,

FIG. 3 is a flow diagram of an exemplary method according to thedisclosure.

FIG. 4 is a flow diagram of an exemplary method according to thedisclosure.

FIG. 5 schematically illustrates an exemplary hearing device.

DETAILED DESCRIPTION

Various exemplary embodiments and details are described hereinafter,with reference to the figures when relevant. It should be noted that thefigures may or may not be drawn to scale and that elements of similarstructures or functions are represented by like reference numeralsthroughout the figures. It should also be noted that the figures areonly intended to facilitate the description of the embodiments. They arenot intended as an exhaustive description of the invention or as alimitation on the scope of the claimed invention. In addition, anillustrated embodiment needs not have all the aspects or advantagesshown. An aspect or an advantage described in conjunction with aparticular embodiment is not necessarily limited to that embodiment andcan be practiced in any other embodiments even if not so illustrated, orif not so explicitly described.

The present disclosure relates to improved security in hearing systemcommunication, and in particular for communication between a useraccessory device having a user application installed thereon and ahearing device. The present disclosure relates to an effective hearingsystem communication that is robust against replay attacks, unauthorizedaccess, battery exhaustion attacks, and man-in-the-middle attacks.

The present method is intended for use in an initial authentication whena user application for the first time wants to create a connection to ahearing device. It is an advantage of the present disclosure thatsubsequent pairing is secure and efficient, e.g. can be performedwithout user interaction.

Approaches to initial wireless authentication between a hearing deviceand a user application are power cycling and passcode. However, thepasscode method requires the user to remember and input a password thatis used only once for the pairing, which is cumbersome. And the powercycling method is easy to use, but may be seen as sub-optimal as itmight exactly be what the hearing device user would do in case anattacker tries to connect to the hearing device. Thus, these approachesare not optimal in terms of satisfying the following: ease of use, andhigh level of security, and low level of complexity.

The present disclosure has the advantage that only the hearing deviceand the user application that communicates wirelessly with the hearingdevice and at the same time is capable of receiving the sound signalemitted by the hearing device are able to derive the same underlyingcryptographic material disclosed below. This present disclosure puts thehearing device user back in control of the initial authentication and ofthe communication with the hearing device. If an attacker connectswirelessly to the hearing device and want to authenticate, theattacker's user application would not be able to receive the soundsignal played as the hearing device emitting the sound signal is wearingthe hearing device in question. At the same time, the hearing deviceuser would know that an attacker is trying to connect to the hearingdevice because the hearing device would suddenly start to play sounds.

The present disclosure is applicable to a hearing device systemcomprising one or more hearing device, such as a monaural hearing devicesystem, a binaural hearing device system. The user application isconfigured to create a trusted bond with each of the hearing devices ofa binaural hearing device system in a scheduled manner, e.g. one hearingdevice at a time.

As used herein the term “identifier” refers to a piece of data that isused for identifying, such as for categorizing, and/or uniquelyidentifying. The identifier may be in a form of a word, a number, aletter, a symbol, a list, an array or any combination thereof. Forexample, the identifier as a number may be in the form of an integer,such as unsigned integer, uint, with a length of e.g. 8 bits, 16 bits,32 bits, or more, such as an array of unsigned integers. An identifiermay have a length of several bytes. For example, a hearing deviceidentifier may have a length of 20 bytes.

As used herein static string may be a string of characters, such as from4 to 16 characters, and/or a predefined array of bytes.

A hash function HASH used herein may be any suitable hash function, suchas SHA-1, SHA-2, SHA-3, MD5 or other hash functions.

The user accessory device comprises a memory unit and an interfacerespectively connected to a processing unit. The memory unit may includeremovable and non-removable data storage units including, but notlimited to, Read Only Memory (ROM), Random Access Memory (RAM), etc. Thememory unit has a user application stored thereon. The interfacecomprises an antenna and a wireless transceiver, e.g. configured forwireless communication at frequencies in the range from 2.4 to 2.5 GHz.The interface may be configured for communication, such as wirelesscommunication, with the hearing device comprising an antenna and awireless transceiver.

The present disclosure relates to easy-to-use, easy-to-deploy, andsecure and authenticated pairing between a user accessory device and ahearing device. The user accessory device forms an accessory device tothe hearing device.

The hearing device may be a hearing aid, e.g. of the behind-the-ear(BTE) type, in-the-ear (ITE) type, in-the-canal (ITC) type,receiver-in-canal (RIC) type or receiver-in-the-ear (RITE) type.Typically, the hearing device and the user accessory device is inpossession of and controlled by the hearing device user.

The methods, user applications and hearing devices disclosed hereincreate a trusted bond between a hearing device and the user application,thus reducing the complexity of subsequent authentication procedurebetween the user application and the hearing device. The trusted bondmay refer herein to a secure pairing between the hearing device and theuser application. The trusted bond ensures or guarantees that it is thehearing device user via the user application that is in control of whatthe hearing device does. For instance, it should only be the hearingdevice user that is able to put the hearing device into e.g. a devicefirmware update mode, and this should only be enabled exactly when thehearing user requests it through the user application. A “trusted bond”is also required to be established for enabling a hearing device toapply remote fine tuning settings to the hearing device via the userapplication.

The present disclosure relates to a method, performed by a userapplication, such as at the user application, of creating a trusted bondbetween a hearing device and the user application.

The method performed by a user application comprises obtaining firstauthentication material. In one or more exemplary methods, obtainingfirst authentication material may comprise transmitting a read messageto the hearing device and receiving a read response message from thehearing device, the read response message comprising the firstauthentication material. The first authentication material may comprisea hearing device identifier and/or a first hearing device challengevalue.

The method performed by a user application may comprise determining afirst common secret based on the first authentication material. Thefirst common secret may be based on the first hearing device challengevalue and the hearing device identifier.

The method performed by a user application comprises transmitting afirst authentication request comprising a first authentication typeidentifier and/or first authentication data to the hearing device. Thefirst authentication type identifier is indicative of the type ofauthentication used in the present authentication, such as the presentlydisclosed sound-based authentication scheme. Use of a firstauthentication type identifier facilitates the use of different initialauthentication schemes, e.g. as determined by the hearing device. In oneor more exemplary methods, the method comprises obtaining security datafrom the hearing device, and wherein the first authentication typeidentifier is based on the security data.

The method performed by a user application may comprise determining anapplication session key and calculating the first authentication databased on the application session key. The method performed by a userapplication may comprise determining a first authentication data,determining an application session key, e.g. based on the first commonsecret and/or a static string, and calculating the first authenticationdata based on the application session key.

In an illustrative example where the present disclosure is applied, thefirst common secret CS_1 may, e.g. if first authentication typeidentifier is indicative of the disclosed authentication type, be givenas:

CS_1 = HASH(HD_KEY, HD_CHALLENGE_1),

wherein HASH is a hash function, HD_KEY is a hearing device key, e.g.based on the hearing device identifier, and HD_CHALLENGE_1 is the firsthearing device challenge value.

The hearing device key HD_KEY may be given as:

HD_KEY = HASH(HD_ID, APP_KEY),

wherein HASH is a hash function, HD_ID is the hearing device identifier,and APP_KEY is keying material stored in the user application. Thehearing device key may also be found or stored in the hearing device,thus enabling the hearing device to calculate the first common secret.

The application session key APP_SK may be given as:

APP_SK = HASH(CS_1, APP_SK_STRING),

wherein HASH is a hash function, CS_1 is the first common secret andAPP_SK_STRING is a static string.

The first authentication data may be based on the first common secret.The method performed by a user application may comprise, e.g. as part ofdetermining the first authentication data, determining an applicationsession key, e.g. based on the first common secret and/or a staticstring, and calculating the first authentication data based on theapplication session key.

The first authentication data AD_1 may be generated by applying a hashfunction to the application session key and/or a static string. Forexample, the first authentication data AD_1 may be given as:

AD_1 = A E S(APP_SK, APP_S_STRING),

wherein AES is encryption with AES, APP_SK is the application sessionkey and APP_S_STRING is a static string. Thus, the first authenticationdata may be generated by encrypting a static string with the applicationsession key based on the first common secret.

The method performed by a user application comprises receiving a firstauthentication response comprising a sound signal from the hearingdevice. The sound signal may comprise one or more tones. The soundsignal may be generated at the hearing device by emitting one or moretones, such as Dual Tone Multiple Frequencies, DTMF, tones.

The method performed by a user application comprises deriving secondauthentication material based on the sound signal. In one or moreexemplary methods, deriving the second authentication material based onthe sound signal comprises deriving a sound value from the receivedsound signal. The sound value may be derived using a correspondencetable where a given number of tones are reflected into a correspondinggiven sound value provided in e.g. bits or bytes of information. Forexample, 8 tones may correspond to a 4 bytes sound value. In one or moreexemplary methods, deriving the second authentication material based onthe sound signal comprises applying a function to the firstauthentication material and a sound value derived from the sound signal.The function may comprise a one-way function, such as a hash function. Ahash function HASH used herein may be any suitable hash function, suchas SHA-1, SHA-2, SHA-3, MD5 or other hash functions. For example, thesecond authentication material may comprise a second common secret CS_2may, be given as:

CS_2 = HASH(HASH(HD_KEY, HD_CHALLENGE_1), SOUND_VALUE)  orCS_2 = HASH(CS_1, SOUND_VALUE),

wherein HASH is a hash function, CS_2 denotes the second common secret(which may be seen as an updated first common secret), HD_KEY denotes ahearing device key, e.g. based on the hearing device identifier,HD_CHALLENGE_1 denotes the first hearing device challenge value,SOUND_VALUE denotes a value derived from the received sound signal.

The method performed by the user application comprises determiningsecond authentication data based on the second authentication material.In one or more exemplary methods, determining second authentication databased on the second authentication material comprises deriving asecondary application session key based on the second authenticationmaterial and encrypting a value using the secondary application sessionkey. The application session key APP_SK_2 may be given as:

APP_SK_2 = HASH(CS_2, APP_SK_STRING),

wherein HASH is a hash function, CS_2 is the second common secret andAPP_SK_STRING is a static string.

The value to be encrypted with the secondary application session key maybe a static string, such as a predefined array of bytes. The secondauthentication data AD_2 may be given as:

AD_2 = AES(APP_SK⁻2, APP_S_STRING),

wherein AES is encryption with AES, APP_SK_2 is a secondary applicationsession key and APP_S_STRING is a static string. Thus, the secondauthentication data may be generated by an encrypting a static stringwith a secondary application session key, e.g. based on a second commonsecret. The second authentication data may comprise the resultingencrypted static string.

The method performed by the user application comprises transmitting asecond authentication request comprising the second authentication datato the hearing device.

The method performed by the user application comprises receiving asecond authentication response comprising an authentication keyidentifier from the hearing device. The method performed by the userapplication comprises storing an authentication key and theauthentication key identifier, wherein the authentication key is basedon the first authentication material. The method performed by the userapplication comprises connecting the user application to the hearingdevice using the authentication key and the authentication keyidentifier. For example, connecting the user application to the hearingdevice using the authentication key and the authentication keyidentifier comprises connecting the user application to the hearingdevice via a communication channel secured by the authentication key andthe authentication key identifier, e.g. secured using encryptiontechniques and/or integrity protection technique that make use of theauthentication key and the authentication key identifier.

In one or more exemplary methods, the method comprises verifying thesecond authentication response. The acts of storing authentication keyand authentication key identifier and/or connecting the user applicationto the hearing device using the authentication key and theauthentication key identifier may be performed if verifying the secondauthentication response is successful. Verifying the secondauthentication response may comprise determining a hearing devicesession key, e.g. based on the second common secret and/or a staticstring. The hearing device session key HD_SK may be given as:

HD_SK = HASH(CS_2, HD_SK_STRING),

wherein HASH is a hash function, CS_2 is the second common secret andHD_SK_STRING is a static string.

The second authentication response may comprise a hearing deviceauthentication data. Verifying the second authentication response maycomprise decrypting the hearing device authentication data using thehearing device session key.

It may be envisaged that connecting the user application to the hearingdevice may comprise transmitting a first authentication requestcomprising the authentication key identifier, first authentication databased on the stored authentication key as keying material stored in theuser application, and optionally a first authentication type identifierindicative of an authentication type, such as the presently disclosedauthentication type.

The method performed by a user application may comprise determining orcalculating the authentication key based on the first authenticationmaterial. The authentication key may be based on the secondauthentication material. For example, the second authentication materialmay comprise a second common secret CS_2 which is derived as:

CS_2 = HASH(HASH(HD_KEY, HD_CHALLENGE_1), SOUND_VALUE)  orCS_2 = HASH(CS_1, SOUND_VALUE),

wherein HASH is a hash function, CS_2 denotes the second common secret(which may be seen as an updated first common secret), HD_KEY denotes ahearing device key, e.g. based on the hearing device identifiercomprised in the first authentication material, HD_CHALLENGE_1 denotesthe first hearing device challenge value comprised in the firstauthentication material, SOUND_VALUE denotes a value derived from thereceived sound signal.

The authentication key AUTH_KEY may be derived in the following way:

AUTH_KEY = HASH(CS_2, AUTH_KEY_STRING),

wherein HASH is a hash function, CS_2 is the second common secret andAUTH_KEY_STRING is a static string.

The method performed by a user application may comprise obtainingsecurity data from the hearing device. The first authentication typeidentifier may be based on the security data. Thereby is allowed a userapplication and a hearing device to apply different types ofauthentication, e.g. as selected during fitting of the hearing device.The security data from the hearing device may comprise a type identifierindicative of the authentication to be applied in the userapplication/accepted by the hearing device. The security data maycomprise a keying material identifier enabling the user application toverify if the user application supports communication to the hearingdevice. The security data may be indicative of an authentication type.

The second authentication data may be based on a second common secret.The method performed by a user application may comprise, e.g. as part ofdetermining the second authentication data, calculating the secondcommon secret, determining a secondary application session key, e.g.based on the second common secret and/or a static string.

In one or more exemplary methods, the method performed by a userapplication may comprise obtaining a public key of the hearing device.The authentication key and/or the first authentication data may be basedon the public key of the hearing device. The first common secret may bebased on the public key of the hearing device. The public key of thehearing device may be a Diffie-Hellman public key. The method performedby a user application may comprise transmitting a public key of the userapplication to the hearing device. The first common secret may be basedon the public key of the hearing device and the public key of the userapplication. The first common secret CS_1 may, e.g. if firstauthentication type identifier is indicative of the disclosedauthentication type, be given as:

CS_1 = HASH(HASH(HD_KEY, HD_CHALLENGE_1), DH_SECRET),

wherein HASH is a hash function, HD_KEY is a hearing device key, e.g.based on the hearing device identifier, HD_CHALLENGE_1 is the firsthearing device challenge value, and DH_SECRET is the common secret (e.g.shared secret) of the Diffie-Hellman algorithm derived from the publickeys of the hearing device and the user application.

The second common secret CS_2 may, e.g. if first authentication typeidentifier is indicative of authentication type disclosed herein, begiven as

CS_2=HASH(HASH(HASH(HD_KEY, HD_CHALLENGE_1), DH_SECRET), SOUND_VALUE) or

CS_2=HASH(HASH(CS_1, DH_SECRET), SOUND_VALUE) or CS_2=HASH(CS_1′,SOUND_VALUE) where the first common secret updated with the DH secret:CS_1′=HASH(CS_1, DH_SECRET)wherein HASH is a hashing function, HD_KEY is a hearing device key, e.g.based on the hearing device identifier, HD_CHALLENGE_1 is the firsthearing device challenge value, SOUND_VALUE is based on the receivedsound signal, and DH_SECRET is the common secret of the Diffie-Hellmanalgorithm derived from the public keys of the hearing device and theuser application.

The present disclosure also provides a method, performed at a hearingdevice, of creating a trusted bond between the hearing device and a userapplication. The user application may be installed on a user accessorydevice, such as an accessory device controlled by the hearing deviceuser, e.g. a mobile phone, a tablet, a laptop, and/or a computing devicebelonging to the hearing device user.

The method performed at a hearing device may comprise transmittingsecurity data of the hearing device to the user application. Thesecurity data are optionally indicative of an authentication typeapplied in the hearing device. Transmitting security data of the hearingdevice to the user application may for example be in form a transmissionof the security data from the hearing device to the user applicationinstalled on a user accessory device.

The method performed at a hearing device may comprise connecting theuser application to the hearing device using the authentication key andthe authentication key identifier.

The method performed at a hearing device comprises transmitting firstauthentication material to the user application, such as to the useraccessory device having the user application installed thereon. Thefirst authentication material may comprise a hearing device identifierand/or a first hearing device challenge value. The method performed at ahearing device may comprise retrieving the hearing device identifierfrom a memory unit and/or generating the first hearing device challengevalue, e.g. as a random or pseudo-random value. The method performed ata hearing device may comprise storing the first hearing device challengevalue in the hearing device.

The method performed at a hearing device comprises receiving from theuser application (such as from the user accessory device) a firstauthentication request comprising a first authentication type identifierand/or first authentication data. The first authentication typeidentifier is indicative of which type of authentication is being usedby the user application. The type of authentication may for examplecomprise passcode-based authentication, power-based authentication,and/or sound-based authentication.

The method performed at a hearing device comprises verifying the firstauthentication data. Verifying the first authentication data in thehearing device may be based on the first authentication material, e.g.hearing device identifier and/or first hearing device challenge valueand/or DH_secret. For example, verifying the first authentication datamay be performed by comparing the first authentication data receivedwith authentication data calculated in the hearing device.

The method performed at the hearing device comprises transmitting to theuser application a first authentication response comprising a soundsignal. In one or more exemplary methods, transmitting the firstauthentication response comprising a sound signal comprises generating arandom sound signal, such as a randomized sound signal. For example, thesound signal may comprise one or more tones, such as randomly selectedtones (e.g. DTMF tones). In one or more exemplary methods, transmittingthe first authentication response is performed if verifying the firstauthentication data is successful.

The method performed at the hearing device comprises receiving from theuser application a second authentication request comprising secondauthentication data. The second authentication data may comprise acipher text encrypted by the user application using a secondaryapplication session key.

The method performed at the hearing device comprises verifying thesecond authentication data. For example, verifying the secondauthentication data comprises deriving a secondary application sessionkey based on the sound signal and decrypting the cipher text using thesecondary application session key. Deriving the secondary applicationsession key may comprise calculating a second common secret based on afirst common secret and a sound value generated to emit or derived fromthe sound signal, determining a secondary application session key, e.g.based on the second common secret and/or a static string.

The method performed at the hearing device comprises determining andstoring an authentication key, e.g. in a temporary memory and/or inauthentication key storage in memory unit of the hearing device, ifverifying the second authentication data is successful. For example,determining the authentication key may comprise calculating theauthentication key based on the first authentication material and/or thesound value. For example, determining the authentication key maycomprise determining a second common secret CS_2 which is derived as:

CS_2 = HASH(HASH(HD_KEY, HD_CHALLENGE_1), SOUND_VALUE)  orCS_2 = HASH(CS_1, SOUND_VALUE),

wherein HASH is a hash function, CS_2 denotes the second common secret(which may be seen as an updated first common secret), HD_KEY denotes ahearing device key e.g. based on the hearing device identifier comprisedin the first authentication material, HD_CHALLENGE_1 denotes the firsthearing device challenge value comprised in the first authenticationmaterial, SOUND_VALUE denotes a value derived from the received soundsignal.

In one or more exemplary methods, determining the authentication key maycomprise determining a second common secret CS_2 which is derived as:

CS_2=HASH(HASH(HASH(HD_KEY, HD_CHALLENGE_1), DH_SECRET), SOUND_VALUE)

orCS_2=HASH(HASH(CS_1, DH_SECRET), SOUND_VALUE) or CS_2=HASH(CS_1′,SOUND_VALUE) where the first common secret updated with the DH secret:

CS_1^(′) = HASH(CS_1, DH_SECRET)

wherein HASH is a hashing function, HD_KEY is a hearing device key, e.g.based on the hearing device identifier, HD_CHALLENGE_1 is the firsthearing device challenge value, SOUND_VALUE is based on the receivedsound signal, and DH_SECRET is the common secret of the Diffie-Hellmanalgorithm derived from the public keys of the hearing device and theuser application.

The authentication key AUTH_KEY may be derived in the following way:

AUTH_KEY = HASH(CS_2, AUTH_KEY_STRING),

wherein HASH is a hash function, CS_2 is the second common secret andAUTH_KEY_STRING is a static string.

The method performed at the hearing device comprises transmitting to theuser application a second authentication response if verifying thesecond authentication data is successful. The second authenticationresponse may comprise an authentication key identifier indicative of theauthentication key in the hearing device and optionally hearing deviceauthentication data. The hearing device authentication data HD_AD may begiven as:

HD_AD = AES (HD_SK, HD_S_STRING),

wherein AES is encryption with AES, HD_SK is the hearing device sessionkey based on the second common secret CS_2, and HD_S_STRING is a staticstring.

The hearing device session key HD_SK is given as:

HD_SK = HASH(CS_2, HD_SK_STRING),

wherein HASH is a hash function, such as SHA-2, CS_2 is the secondcommon secret and HD_SK_STRING is a static string.

Thus, the hearing device authentication data may be generated byencrypting a static string with the hearing device session key based onthe second common secret.

Features described in relation to the method performed by a userapplication may also be applied in the method performed at a hearingdevice. In particular, calculation of common secrets for verification ofauthentication data are preferably performed the same way in both thehearing device and the user application.

The present disclosure also relates to a user application for a useraccessory device. The user accessory device may be a computing device,such as a portable computing, such as a mobile phone, a smartphone, asmartwatch or a tablet computer. The user application is, when installedon the user accessory device, configured to create a trusted bondbetween a hearing device and the user application.

The present methods and devices enables simple and secure connectionsbetween a hearing device and a user application after an initialcreation of a trusted bond as disclosed herein. Accordingly,processing-heavy authentication or cumbersome procedures may be avoidedor at least heavily reduced after the trusted bond has been created.

Namely, the methods, user applications and hearing devices disclosedherein enable hearing system communication that is robust againstsecurity threats, vulnerabilities and attacks by implementingappropriate safeguards and countermeasures, such as security mechanisms,to protect against threats and attacks.

Throughout, the same reference numerals are used for identical orcorresponding parts.

FIG. 1 shows an exemplary hearing system. The hearing system 2 comprisesa server device 4 and a hearing device system 6 comprising a hearingdevice 8 and a user accessory device 10. The user accessory device 10may be a smartphone configured to wirelessly communicate with thehearing device 8. A user application 12 is installed on the useraccessory device 10, such as on the memory unit 38 and/or processingunit 36. The user application may be for controlling the hearing device8 and/or assisting a hearing device user. In one or more exemplary userapplications, the user application 12 is configured to transfer firmwareand/or hearing device settings to the hearing device. In one or moreexemplary user applications, the user application 12 is configured tocontrol operating parameters, such as volume, program, etc., of thehearing device

The hearing device 8 may be configured to compensate for hearing loss ofa user of the hearing device 8. The hearing device 8 is configured toconfigured to communicate with the user accessory device 10/userapplication 12, e.g. using a wireless and/or wired first communicationlink 20. The first communication link 20 may be a single hopcommunication link or a multi-hop communication link. The firstcommunication link 20 may be carried over a short-range communicationsystem, such as Bluetooth, Bluetooth low energy, IEEE 802.11 and/orZigbee.

The hearing device 8 comprises an interface including an antenna 24 anda radio transceiver 26 coupled to the antenna 24 forreceiving/transmitting wireless communication including firstcommunication link 20. The hearing device 8 comprises a set ofmicrophones comprising a first microphone 28 and optionally a secondmicrophone 30 for provision of respective first and second microphoneinput signals. The hearing device 8 may be a single-microphone hearingdevice. The hearing device 8 comprises a memory unit (not shown)connected to the processing unit 32. The hearing device 8 comprises aprocessing unit 32 connected to the transceiver 26 and microphones 28,30 for receiving and processing input signals. The processing unit 32 isconfigured to compensate for a hearing loss of a user based on hearingdevice settings and to provide an electrical output signal based on theinput signals. A receiver 34 converts the electrical output signal to anaudio output signal to be directed towards an eardrum of the hearingdevice user. The receiver 34 is configured to emit sound signals, suchas sounds, according to the present disclosure.

The user accessory device 10 comprises a processing unit 36, a memoryunit 38, an interface 40. The user application 12 is installed in thememory unit 38 of the user accessory device 10 and, when running on theuser accessory device, configured to obtain first authenticationmaterial, e.g. with obtain module 202 a; transmit to the hearing device8 a first authentication request comprising a first authentication typeidentifier and first authentication data to the hearing device 8, e.g.with transmit module 204 a; receive from the hearing device 8 a firstauthentication response comprising a sound signal, e.g. with receivemodule 206 a; derive second authentication material based on the soundsignal, e.g. with derive module 208 a; determine second authenticationdata based on the second authentication material, e.g. with determinemodule 210 a; transmit a second authentication request comprising thesecond authentication data to the hearing device 8, e.g. via transmitmodule 204 a; receive from the hearing device 8 a second authenticationresponse comprising an authentication key identifier, with e.g. receivemodule 206 a; store an authentication key and the authentication keyidentifier, e.g. with storing module 216 a, wherein the authenticationkey is based on the first authentication material; and connect the userapplication 12 or the user accessory device 10 to the hearing device 8using the authentication key and the authentication key identifier, e.g.with connecting module 218 a. The connecting module 218 a may also beused for connecting with the server device 4, e.g. in via secondcommunication link 22.

FIG. 2 shows an exemplary signaling diagram 100 between a userapplication 12 and a hearing device 8 illustrating exemplary methods ofcreating a trusted bond between a hearing device 8 and the userapplication 12.

The user application 12 obtains first authentication material includinga hearing device identifier HD_ID and a first hearing device challengevalue HD_CHALLENGE_1, e.g., by transmitting a read message 102 to thehearing device 8. The hearing device 8 generates the first hearingdevice challenge value, stores the first hearing device challenge valuein the memory unit of the hearing device 8, and transmits the firstauthentication material 104 to the user application 12 in a readresponse message 106 in response to receiving the read message 102 fromthe user application 12.

Further, the user application and the hearing device exchange publickeys for the Diffie-Hellmann algorithm by key exchange signalling 107.In one or more exemplary methods, the key exchange signalling 107 may beomitted.

The user application 12 determines first authentication data AD_1 andtransmits a first authentication type identifier AUT_T_ID1 and the firstauthentication data AD_1 to the hearing device in a first authenticationrequest 108. The first authentication type identifier AUT_T_ID1 is infirst authentication request 108 indicative of an authentication type tobe carried out subsequently. The first authentication data AD_1 aregiven by:

AD_1 = AES_COUNTER(APP_SK, APP_S_STRING),

wherein AES_COUNTER is encryption with AES in counter mode andAPP_S_STRING is a static string.

APP_SK is an application session key and given as:

APP_SK = HASH(CS_1, APP_SK_STRING),

wherein HASH is a hash function, such as SHA-2, and APP_SK_STRING is astatic string.CS_1 is a first common secret and is given as:

CS_1 = HASH(HASH(HD_KEY, HD_CHALLENGE_1), DH_SECRET),

wherein HASH is a hash function, such as SHA-2, HD_KEY is a hearingdevice key, HD_CHALLENGE_1 is the first hearing device challenge value,and DH_SECRET is the common secret of the Diffie-Hellman algorithmderived from the public keys of the hearing device and the userapplication during key exchange signalling 107. The two hash functionsused for determining CS_1 may be the same or different hash function.

HD_KEY is a hearing device key based on the hearing device identifierand given as:

HD_KEY = HASH(HD_ID, APP_KEY),

wherein HASH is a hash function, HD_ID is the hearing device identifier,and APP_KEY is keying material stored in the user application.

The hearing device 8 receives the first authentication request 108 andverifies the first authentication data AD_1 by decrypting AD_1 with anapplication session key. If the hearing device 8 successfully verifiesthe first authentication data and optionally accepts the authenticationtype indicated by the authentication type identifier, the hearing device8 transmits a first authentication response 110 by emitting a soundsignal comprising one or more tones. Prior to emitting the sound signal,the hearing device 8 generates a sound value (e.g. randomly) and selectsthe one or more tones based on the sound value.

The user application 12 receives the first authentication response 110from the hearing device 8 and derives second authentication materialbased on the first authentication response 110, such as based on thesound signal, such as by calculating a second common secret. Forexample, the second authentication material may comprise a second commonsecret CS_2 may, be given as:

CS_2 = HASH(HASH(HD_KEY, HD_CHALLENGE_1), SOUND_VALUE)  orCS_2 = HASH(CS_1, SOUND_VALUE),

wherein HASH is a hash function, CS_2 denotes the second common secret(which may be seen as an updated first common secret), HD_KEY denotes ahearing device key, e.g. based on the hearing device identifier,HD_CHALLENGE_1 denotes the first hearing device challenge value,SOUND_VALUE denotes a value derived from the received sound signal.

The user application 12 determines second authentication data based onthe second authentication material by deriving a secondary applicationsession key based on the second authentication material and encrypting avalue using the secondary application session key. The applicationsession key APP_SK_2 may be given as:

APP_SK_2 = HASH(CS_2, APP_SK_STRING),

wherein HASH is a hash function, CS_2 is the second common secret andAPP_SK_STRING is a static string.

The value to be encrypted with the secondary application session key maybe a static string, such as a predefined array of bytes. The secondauthentication data AD_2 may be given as:

AD_2 = AES(APP_SK_2, APP_S_STRING),

wherein AES is encryption with AES, APP_SK_2 is a secondary applicationsession key and APP_S_STRING is a static string.

The user application 12 transmits a second authentication request 112comprising the second authentication data AD_2 and the secondauthentication type identifier AUT_T_ID2 indicative of theauthentication type to be carried out subsequently.

The hearing device 8 receives the second authentication request 112comprising the second authentication data AD_2 and the secondauthentication type identifier AUT_T_ID2.

The hearing device 8 verifies the second authentication data AD_2 bydecrypting AD_2 with a secondary application session key. If the hearingdevice 8 successfully verifies the second authentication data AD_2, thehearing device stores the authentication key from temporary memory inauthentication key storage in memory unit of the hearing device with anassociated authentication key identifier AUTH_KEY_ID, determines hearingdevice authentication data based on the second common secret CS_2, andtransmits a second authentication response 114 comprising hearing deviceauthentication data HD_AD and the authentication key identifierAUTH_KEY_ID to the user application 12. The hearing deviceauthentication data HD_AD is given as:

HD_AD = AES_COUNTER(HD_SK, HD_S_STRING),

wherein AES_COUNTER is encryption with AES in counter mode, HD_SK is thehearing device session key based on the second common secret CS_2, andHD_S_STRING is a static string.

The secondary hearing device session key HD_SK is given as:

HD_SK = HASH(CS_2, HD_SK_STRING),

wherein HASH is a hash function, such as SHA-2, CS_2 is the secondcommon secret and HD_SK_STRING is a static string.

Thus, the hearing device authentication data may be generated byencrypting a static string with the hearing device session key based onthe second common secret.

The user application 12 receives the second authentication response 114.The user application 12 may verify the hearing device authenticationdata HD_AD comprised in the second authentication response by decryptingthe hearing device authentication data HD_AD and by comparing thedecryption result and the authentication data calculated in the userapplication based on the second common secret. If verifying the secondauthentication response is successful, the user application 12calculates the authentication key AUTH_KEY (if not calculated earlier)and stores the authentication key and the authentication key identifierAUTH_KEY_ID from the second authentication response 114 and connects byconnection signalling 116 to the hearing device using the authenticationkey AUTH_KEY and the authentication key identifier AUTH_KEY_ID.

FIG. 3 illustrates an exemplary method performed by a user applicationof creating a trusted bond between a hearing device and the userapplication. The method 200 comprises obtaining 202 first authenticationmaterial, the first authentication material comprising a hearing deviceidentifier and a first hearing device challenge value. In one or moreexemplary methods, obtaining 202 first authentication material maycomprise transmitting 202A a read message to the hearing device andreceiving 202B a read response message from the hearing device, the readresponse message comprising the first authentication material.

The method 200 optionally comprises obtaining 203 security data of thehearing device, the security data comprising a type identifierindicative of the authentication to be applied in the user application,and optionally a keying material identifier enabling the userapplication to verify if the user application supports communication tothe hearing device. The method 200 may comprise determining 203A a firstcommon secret based on the first authentication material to determinethe first authentication data. The first common secret may be based onthe first hearing device challenge value and the hearing deviceidentifier. Determining 203A first common secret optionally comprisesdetermining 203B the first authentication data based on the first commonsecret, e.g. as described in relation to FIG. 2. Determining 203A firstcommon secret optionally comprises determining 203C, e.g. as part of203B, an application session key, e.g. based on the first common secret,and optionally calculating the first authentication data based on theapplication session key. The first authentication request comprises thefirst authentication type identifier e.g. based on the security dataobtained in 203.

The method 200 proceeds to transmitting 204 a first authenticationrequest comprising a first authentication type identifier and the firstauthentication data to the hearing device

The method 200 comprises receiving 206 from the hearing device a firstauthentication response comprising a sound signal from the hearingdevice.

The method 200 comprises deriving 208 second authentication materialbased on the sound signal. In one or more exemplary methods, deriving208 the second authentication material based on the sound signalcomprises deriving 208A a sound value from the received sound signal. Inone or more exemplary methods, deriving 208 the second authenticationmaterial based on the sound signal comprises applying 208B a function tothe first authentication material and a sound value derived from thesound signal. The function may comprise a one-way function, such as ahash function. A hash function HASH used herein may be any suitable hashfunction, such as SHA-1, SHA-2, SHA-3, MD5 or other hash functions.

The method 200 comprises determining 210 second authentication databased on the second authentication material. In one or more exemplarymethods, determining 210 second authentication data based on the secondauthentication material comprises deriving 210A a secondary applicationsession key based on the second authentication material and encrypting210B a value using the secondary application session key.

The method 200 comprises transmitting 212 a second authenticationrequest comprising the second authentication data to the hearing device.

The method 200 comprises receiving 214 a second authentication responsecomprising an authentication key identifier from the hearing device. Themethod 200 comprises storing 216 an authentication key and theauthentication key identifier, wherein the authentication key is basedon the first authentication material. The method 200 comprisesconnecting 218 the user application to the hearing device using theauthentication key and the authentication key identifier. For example,connecting 218 the user application to the hearing device using theauthentication key and the authentication key identifier comprisesconnecting the user application to the hearing device via acommunication channel secured by the authentication key and theauthentication key identifier, e.g. secured using encryption techniquesand/or integrity protection technique that make use of theauthentication key and the authentication key identifier.

In one or more exemplary methods, the method comprises verifying 215 thesecond authentication response. The acts of storing 216 authenticationkey and authentication key identifier and/or connecting 218 the userapplication to the hearing device using the authentication key and theauthentication key identifier may be performed if verifying the secondauthentication response is successful.

The method 200 may comprises calculating the authentication key based onthe first authentication material and/or the second authenticationmaterial. The method may comprise obtaining a public key of the hearingdevice. In one or more exemplary methods, obtaining a public key of thehearing device may be performed before or after obtaining 202 firstauthentication material. Determining first authentication data may bebased on public keys of the hearing device and the user application,e.g. using a Diffie-Helmann scheme as described earlier.

FIG. 4 illustrates an exemplary method performed at a hearing device ofcreating a trusted bond between the hearing device and a userapplication. The method 300 comprises transmitting 302 security data ofthe hearing device to the user application, wherein the security dataare indicative of an authentication type applied in the hearing device;and transmitting 304 first authentication material. The firstauthentication material may comprise a hearing device identifier and afirst hearing device challenge value. The method 300 comprises receiving306, from the user application, a first authentication requestcomprising a first authentication type identifier and firstauthentication data. The method 300 comprises verifying 308 the firstauthentication data and/or first authentication type identifier.

The method 300 comprises transmitting 310 to the user application afirst authentication response comprising a sound signal. In one or moreexemplary methods, transmitting 310 the first authentication responsecomprising a sound signal comprises generating 310A a random soundsignal, such as a randomized sound signal. For example, the sound signalmay comprise one or more tones, such as randomly selected tones (e.g.,DTMF tones). In one or more exemplary methods, transmitting 310 thefirst authentication response is performed if verifying the firstauthentication data is successful.

The method 300 comprises receiving 312 from the user application asecond authentication request comprising second authentication data. Thesecond authentication data may comprise a cipher text encrypted by theuser application using a secondary application session key.

The method 300 comprises verifying 314 the second authentication data.For example, verifying 314 the second authentication data comprisesderiving a secondary application session key based on the sound signaland decrypting the cipher text using the secondary application sessionkey. Deriving the secondary application session key may comprisecalculating a second common secret based on a first common secret and asound value generated to emit or derived from the sound signal,determining a secondary application session key, e.g. based on thesecond common secret and/or a static string.

The method 300 comprises determining and storing 316 an authenticationkey, e.g., in a temporary memory and/or in authentication key storage inmemory unit of the hearing device, if verifying the secondauthentication data is successful. For example, determining theauthentication key may comprise calculating the authentication key basedon the first authentication material and/or the sound value.

The method 300 comprises transmitting 318 to the user application asecond authentication response if verifying the second authenticationdata is successful. The second authentication response may comprise anauthentication key identifier indicative of the authentication key inthe hearing device and optionally hearing device authentication data.

FIG. 5 shows an exemplary hearing device. The hearing device 8 comprisesa processing unit 350 including a transmit module 302 a, a receivemodule 306 a, a verification module 308 a, and a determine and storemodule 316 a. Further, the hearing device comprises a memory unit 352and an interface 354,

wherein the hearing device 8 is configured to transmit firstauthentication material, e.g. with transmit module 302 a; receive afirst authentication request comprising a first authentication typeidentifier and first authentication data, e.g. with receive module 306a; verify the first authentication data, e.g. with verification module306 a; transmit to the user application an first authentication responsecomprising a sound signal, e.g. with transmit module 302 a; receive fromthe user application a second authentication request comprising secondauthentication data, e.g. with receive module 306 a; verify the secondauthentication data, e.g. with verification module 306 a; determine andstore an authentication key, e.g. with determine and store module 308,if verifying the first authentication data is successful; and transmitto the user application a second authentication response comprising anauthentication key identifier indicative of the authentication key inthe hearing device, e.g. with transmit module 302 a, if verifying thesecond authentication data is successful.

The hearing device 8 may be arranged to execute at least parts ofmethods as disclosed herein. The processing unit 350 may furthercomprise a number of optional functional modules, such as any of atransmit module 302 a configured to perform any of steps 302, 304, 310,and 318, a receive module 306 a configured to perform step 306 and 312,verification module 308 a configured to perform step 308 and 314, anddetermine and store module 316 a configured to perform step 316. Ingeneral terms, each functional module may be implemented in hardwareand/or in software.

The use of the terms “first”, “second”, “third” and “fourth”, etc. doesnot imply any order, but are included to identify individual elements.Moreover, the use of the terms first, second, etc. does not denote anyorder or importance, but rather the terms first, second, etc. are usedto distinguish one element from another. Note that the words first andsecond are used here and elsewhere for labelling purposes only and arenot intended to denote any specific spatial or temporal ordering.Furthermore, the labelling of a first element does not imply thepresence of a second element and vice versa.

Although features have been shown and described, it will be understoodthat they are not intended to limit the claimed invention, and it willbe made obvious to those skilled in the art that various changes andmodifications may be made without departing from the spirit and scope ofthe claimed invention. The specification and drawings are, accordinglyto be regarded in an illustrative rather than restrictive sense. Theclaimed invention is intended to cover all alternatives, modifications,and equivalents.

LIST OF REFERENCES

-   2 hearing system-   4 server device-   6 hearing device system-   8 hearing device-   10 user accessory device-   12 user application-   20 first communication link-   22 second communication link-   24 antenna-   26 radio transceiver-   28 first microphone-   30 second microphone-   32 processing unit-   34 receiver-   36 processing unit-   38 memory unit-   40 interface-   100 signalling diagram-   102 read message-   104 first authentication data-   106 read response message-   107 key exchange signalling-   108 first authentication request-   110 first authentication response-   112 second authentication request-   114 second authentication response-   116 connection signalling-   200 method of creating a trusted bond between hearing device and    user application-   202 obtaining first authentication material-   202 a obtain module-   202A transmitting a read message to the hearing device-   202B receiving a read response message from the hearing device-   203 obtaining security data-   203A determining first common secret-   203B determining a first authentication data-   203C determining an application session key and calculating the    first authentication data based on the application session key-   204 transmitting first authentication request-   204 a transmit module-   206 receiving a first authentication response-   206 a receive module-   208 deriving second authentication material-   208 a derive module-   208A deriving a sound value-   208B applying a function-   210 determining second authentication data-   210 a determine module-   210A deriving a secondary application session key-   210B encrypting-   212 transmitting a second authentication request-   214 receiving a second authentication response-   215 verify-   216 storing an authentication key and the authentication key    identifier-   216 a storing module-   216A calculating an authentication key-   218 connecting-   218 a connect module-   300 Method performed at a hearing device of creating a trusted bond    between hearing device and user application-   302 transmitting security data-   302 a transmit module-   304 transmitting first authentication material-   306 receiving first authentication request-   306 a receive module-   308 verifying the first authentication data and/or first    authentication type identifier-   308 a verification module-   310 transmitting a first authentication response-   310A generating random sound signal-   312 receiving second authentication request-   314 verifying second authentication data-   316 determining and storing authentication key-   316 a determine and store module-   318 transmitting to the user application a second authentication    response-   350 processing unit-   352 memory unit-   354 interface

1. A hearing device comprising: a processing unit; a memory unit coupledto the processing unit; and an interface coupled to the processing unit;wherein the hearing device is configured to: transmit security data ofthe hearing device to a user device; transmit first authenticationmaterial to the user device; receive from the user device a firstauthentication request comprising first authentication data; verify thefirst authentication data; and transmit to the user device a firstauthentication response, wherein the first authentication responsecomprises a sound signal.
 2. The hearing device according to claim 1,wherein the first authentication response comprises a sound signal, andwherein the hearing device is configured to transmit the sound signal asat least a part of the first authentication response after receiving thefirst authentication request.
 3. The hearing device according to claim2, wherein the sound signal comprises a tone.
 4. The hearing deviceaccording to claim 3, wherein the tone is a random tone.
 5. The hearingdevice according to claim 1, wherein the hearing device is furtherconfigured to: receive from the user device a second authenticationrequest comprising second authentication data; and verify the secondauthentication data.
 6. The hearing device according to claim 5, whereinthe hearing device is further configured to determine an authenticationkey if the second authentication data is successfully verified.
 7. Thehearing device according to claim 6, wherein the hearing device isfurther configured to transmit to the user device a secondauthentication response comprising an authentication key identifierindicative of the authentication key if the second authentication datais successfully verified.
 8. A method performed by a hearing device, themethod comprising: transmitting security data of the hearing device to auser device; transmitting first authentication material to the userdevice; receiving from the user device a first authentication requestcomprising first authentication data; verifying the first authenticationdata; and transmitting to the user device a first authenticationresponse.
 9. The method according to claim 8, wherein the firstauthentication response comprises a sound signal, and wherein the soundsignal is transmitted by to hearing device as at least a part of thefirst authentication response after the first authentication request isreceived by the hearing device.
 10. The method according to claim 9,wherein the sound signal comprises a tone.
 11. The method according toclaim 10, wherein the tone is a random tone.
 12. The method according toclaim 8, further comprising: receiving from the user device a secondauthentication request comprising second authentication data; andverifying the second authentication data.
 13. The method according toclaim 12, further comprising determining an authentication key if thesecond authentication data is successfully verified.
 14. The methodaccording to claim 13, further comprising transmitting to the userdevice a second authentication response if the second authenticationdata is successfully verified, the second authentication responsecomprising an authentication key identifier indicative of theauthentication key.
 15. The method according to claim 8, wherein thefirst authentication response is transmitted if the first authenticationdata is successfully verified.
 16. A method of communication with ahearing device, the method comprising: transmitting, by a user device, afirst authentication request comprising first authentication data to thehearing device; receiving a first authentication response; determiningauthentication material based on the first authentication response;determining second authentication data based on the authenticationmaterial; and transmitting a second authentication request comprisingthe second authentication data to the hearing device.
 17. The methodaccording to claim 16, wherein the first authentication responsecomprises a sound signal provided by the hearing device; and wherein thesound signal from the hearing device is received by the user device asat least a part of the first authentication response, after the firstauthentication request is transmitted by the user device.
 18. The methodaccording to claim 16, further comprising receiving a hearing deviceidentifier and/or a first hearing device challenge value.
 19. The methodaccording to claim 18, further comprising determining a first commonsecret based on the hearing device identifier and/or the first hearingdevice challenge value.
 20. The method according to claim 16, furthercomprising: determining an application session key; and calculating thefirst authentication data based on the application session key.
 21. Themethod according to claim 16, further comprising obtaining anauthentication key.
 22. The method according to claim 21, furthercomprising connecting the user device to the hearing device using theauthentication key.
 23. The method according to claim 21, wherein theact of obtaining the authentication key comprises calculating theauthentication key.
 24. The method according to claim 21, wherein theauthentication key is based on the authentication material.
 25. Themethod according to claim 21, further comprising obtaining a public keyof the hearing device, wherein the authentication key is based on thepublic key of the hearing device.
 26. The method according to claim 16,further comprising receiving a second authentication response, andverifying the second authentication response.
 27. The method accordingto claim 16, further comprising obtaining security data from the hearingdevice.
 28. A product having a set of instructions, an execution ofwhich by a processing unit of a user device causes a method to beperformed, the method comprising: transmitting, by a user device, afirst authentication request comprising first authentication data to thehearing device; receiving a first authentication response; determiningauthentication material based on the first authentication response;determining second authentication data based on the authenticationmaterial; and transmitting a second authentication request comprisingthe second authentication data to the hearing device.
 29. The productaccording to claim 28, wherein the first authentication responsecomprises a sound signal provided by the hearing device; and wherein, inthe method, the sound signal from the hearing device is received by theuser device as at least a part of the first authentication response,after the first authentication request is transmitted by the userdevice.
 30. The product according to claim 28, wherein the methodfurther comprises receiving a hearing device identifier and/or a firsthearing device challenge value.
 31. The product according to claim 30,wherein the method further comprises determining a first common secretbased on the hearing device identifier and/or the first hearing devicechallenge value.